Note that the byte order in mpi_fill_random_internal() is deliberate

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-03 11:51:09 +02:00
parent 405b091d9e
commit afb2bd2f22

View file

@ -2405,6 +2405,8 @@ cleanup:
/* Fill X with n_bytes random bytes.
* X must already have room for those bytes.
* The ordering of the bytes returned from the RNG is suitable for
* deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
* The size and sign of X are unchanged.
* n_bytes must not be 0.
*/